SQL Injection Vulnerability in Directory Management System by Directory.com
CVE-2022-31382

9.8CRITICAL

Key Information:

Vendor
PHPgurukul
Status
Directory Management System
Vendor
CVE Published:
16 June 2022

Summary

A SQL injection vulnerability has been identified in the Directory Management System v1.0, enabling an attacker to manipulate SQL queries through the 'searchdata' parameter in 'search-directory.php'. This flaw could allow unauthorized access to data or even compromise the integrity of the database. Users of the affected versions are advised to apply necessary security patches and review their systems for potential exploits.

References

http://phpgurukul.com
x_refsource_MISC
http://directory.com
x_refsource_MISC
https://github.com/laotun-s/POC/blob/main/CVE-2022-31382.txt
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.